uprobe,bpf: Allow to change app registers from uprobe registers #5968
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Author
|
Upstream branch: b13448d |
kernel-patches-daemon-bpf-rc
bot
force-pushed
the
bpf-next_base
branch
from
2b3c471 to
2211108
Compare
Author
|
Upstream branch: 180a46b |
kernel-patches-daemon-bpf-rc
bot
force-pushed
the
series/1003090=>bpf-next
branch
from
b17cd82 to
32ca42d
Compare
kernel-patches-daemon-bpf-rc
bot
force-pushed
the
bpf-next_base
branch
from
2211108 to
acca942
Compare
Author
|
Upstream branch: 6ff4a0f |
kernel-patches-daemon-bpf-rc
bot
force-pushed
the
series/1003090=>bpf-next
branch
from
32ca42d to
7c9dd8d
Compare
kernel-patches-daemon-bpf-rc
bot
force-pushed
the
bpf-next_base
branch
from
acca942 to
0821404
Compare
Author
|
Upstream branch: 3547a61 |
kernel-patches-daemon-bpf-rc
bot
force-pushed
the
series/1003090=>bpf-next
branch
from
7c9dd8d to
4b4b4d6
Compare
kernel-patches-daemon-bpf-rc
bot
force-pushed
the
bpf-next_base
branch
from
0821404 to
028d6d4
Compare
Author
|
Upstream branch: 8cd189e |
kernel-patches-daemon-bpf-rc
bot
force-pushed
the
series/1003090=>bpf-next
branch
from
4b4b4d6 to
42291ce
Compare
kernel-patches-daemon-bpf-rc
bot
force-pushed
the
bpf-next_base
branch
from
028d6d4 to
0c300ac
Compare
Author
|
Upstream branch: 815276d |
kernel-patches-daemon-bpf-rc
bot
force-pushed
the
series/1003090=>bpf-next
branch
from
42291ce to
89949c7
Compare
kernel-patches-daemon-bpf-rc
bot
force-pushed
the
bpf-next_base
branch
from
0c300ac to
b38c040
Compare
Author
|
Upstream branch: 57cb269 |
kernel-patches-daemon-bpf-rc
bot
force-pushed
the
series/1003090=>bpf-next
branch
from
89949c7 to
b4191ae
Compare
kernel-patches-daemon-bpf-rc
bot
force-pushed
the
bpf-next_base
branch
from
b38c040 to
1a8f119
Compare
Author
|
Upstream branch: 5612ea8 |
kernel-patches-daemon-bpf-rc
bot
force-pushed
the
series/1003090=>bpf-next
branch
from
b4191ae to
c4f056d
Compare
kernel-patches-daemon-bpf-rc
bot
force-pushed
the
bpf-next_base
branch
from
1a8f119 to
da4ec66
Compare
Author
|
Upstream branch: 5a427fd |
kernel-patches-daemon-bpf-rc
bot
force-pushed
the
series/1003090=>bpf-next
branch
from
c4f056d to
6aac867
Compare
kernel-patches-daemon-bpf-rc
bot
force-pushed
the
bpf-next_base
branch
from
a98c373 to
f2c71e8
Compare
Author
|
Upstream branch: 348f611 |
kernel-patches-daemon-bpf-rc
bot
force-pushed
the
series/1003090=>bpf-next
branch
from
22343e3 to
68085cd
Compare
kernel-patches-daemon-bpf-rc
bot
force-pushed
the
bpf-next_base
branch
from
f2c71e8 to
0af025f
Compare
Author
|
Upstream branch: 2383e45 |
kernel-patches-daemon-bpf-rc
bot
force-pushed
the
series/1003090=>bpf-next
branch
from
68085cd to
315b00e
Compare
kernel-patches-daemon-bpf-rc
bot
force-pushed
the
bpf-next_base
branch
from
0af025f to
30b62c7
Compare
Author
|
Upstream branch: f0b5c14 |
kernel-patches-daemon-bpf-rc
bot
force-pushed
the
series/1003090=>bpf-next
branch
from
315b00e to
62f1e0b
Compare
kernel-patches-daemon-bpf-rc
bot
force-pushed
the
bpf-next_base
branch
from
30b62c7 to
41e1333
Compare
Author
|
Upstream branch: 8b52d09 |
kernel-patches-daemon-bpf-rc
bot
force-pushed
the
series/1003090=>bpf-next
branch
from
62f1e0b to
aec27d5
Compare
kernel-patches-daemon-bpf-rc
bot
force-pushed
the
bpf-next_base
branch
from
41e1333 to
34ccf81
Compare
Currently uprobe (BPF_PROG_TYPE_KPROBE) program can't write to the context registers data. While this makes sense for kprobe attachments, for uprobe attachment it might make sense to be able to change user space registers to alter application execution. Since uprobe and kprobe programs share the same type (BPF_PROG_TYPE_KPROBE), we can't deny write access to context during the program load. We need to check on it during program attachment to see if it's going to be kprobe or uprobe. Storing the program's write attempt to context and checking on it during the attachment. Acked-by: Andrii Nakryiko <[email protected]> Signed-off-by: Jiri Olsa <[email protected]>
If uprobe handler changes instruction pointer we still execute single step) or emulate the original instruction and increment the (new) ip with its length. This makes the new instruction pointer bogus and application will likely crash on illegal instruction execution. If user decided to take execution elsewhere, it makes little sense to execute the original instruction, so let's skip it. Acked-by: Oleg Nesterov <[email protected]> Acked-by: Andrii Nakryiko <[email protected]> Signed-off-by: Jiri Olsa <[email protected]>
Adding test to check we can change common register values through uprobe program. It's x86_64 specific test. Acked-by: Andrii Nakryiko <[email protected]> Signed-off-by: Jiri Olsa <[email protected]>
Adding test to check we can change the application execution through instruction pointer change through uprobe program. It's x86_64 specific test. Acked-by: Andrii Nakryiko <[email protected]> Signed-off-by: Jiri Olsa <[email protected]>
Adding test to check we can't attach standard kprobe program that writes to the context. It's x86_64 specific test. Acked-by: Andrii Nakryiko <[email protected]> Signed-off-by: Jiri Olsa <[email protected]>
Author
|
Upstream branch: 34f033a |
Adding test to check we can't attach kprobe multi program that writes to the context. It's x86_64 specific test. Acked-by: Andrii Nakryiko <[email protected]> Signed-off-by: Jiri Olsa <[email protected]>
kernel-patches-daemon-bpf-rc
bot
force-pushed
the
series/1003090=>bpf-next
branch
from
aec27d5 to
3d74e02
Compare
kernel-patches-daemon-bpf-rc
bot
force-pushed
the
bpf-next_base
branch
from
34ccf81 to
aea6d55
Compare
Author
|
At least one diff in series https://patchwork.kernel.org/project/netdevbpf/list/?series=1003090 irrelevant now. Closing PR. |
kernel-patches-daemon-bpf-rc
bot
deleted the
series/1003090=>bpf-next
branch
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Pull request for series with
subject: uprobe,bpf: Allow to change app registers from uprobe registers
version: 1
url: https://patchwork.kernel.org/project/netdevbpf/list/?series=1003090